VeriSign Offers Hackers $8,000 Bounty on Vista, IE 7 Flaws

Thanks to ThePitt for posting this in BPN.

VeriSign's iDefense Labs is offering money for remote code execution holes in Windows Vista and Internet Explorer 7 as a part of its pay-for-flaw VCP (Vulnerability Contributor Program) challenge. Via its Zero Day Initiative, 3Com's TippingPoint also pays researchers for exclusive rights to advance notification of unpublished vulnerabilities or exploit code. Once the companies have the vulnerability, they coordinate the process with the affected vendor, improve their own security software and resell it.

"Both Microsoft Internet Explorer and Microsoft Windows dominate their respective markets, and it is not surprising that the decision to update to the current release of Internet Explorer 7.0 and/or Windows Vista is fraught with uncertainty. Primary in the minds of IT security professionals is the question of vulnerabilities that may be present in these two groundbreaking products," iDefense said in a note announcing the bounty.

iDefense will pay $8,000, only up to six times, to the hacker who finds a unique vulnerability allowing an attacker to remotely exploit and execute arbitrary code on a default, up-to-date and patched installation of either of the two Microsoft products. An extra sum between $2,000 and $4,000 (based on readability and documentation) will be offered for working exploit code that exploits the submitted vulnerability. Microsoft is not amused and believes an update for the software should be the priority, not compensation for vulnerability information.

News source: eWeek

11 Comments

This should have been conducted ages ago, though I do believe that MS started something similar a while ago but didn't actually give money.

In other news, VeriSign has filed for bankruptcy today after the millions of $8000 bounties paid out to hackers finding Vista / IE7 flaws....

Adams-Media said,
In other news, VeriSign has filed for bankruptcy today after the millions of $8000 bounties paid out to hackers finding Vista / IE7 flaws....

If you actually used UAC and stuff, it would be a lot harder for hackers to get into your Vista. Let's be honest, how many of XP's flaws are that easy to execute? Or require the user to execute them?

If people don't have the brains to not open every darn .exe file they see or every ActiveX control they encounter, they wouldn't be attacked that easily.